Legend: some experts believe "all types of digital risk" caused precisely $456,134,500,000 to $557,497,700,000 in total global damage in 2004. (This is not a typo.) Reality: a company named "mi2g" declared this guesstimate as a publicity stunt. Reason experts are duped: no statistically accepted metrics exist to gauge virus & hacking costs -- and no statistically valid data exists to gauge worldwide virus proliferation. Therefore, any cost estimate is as good as any other cost estimate. Fallout: limited mostly to gullible reporters who crave dollar figures. Computer security firms prefer to cite plausible-sounding guesstimates. However, some experts can't resist spreading the legend in their lectures.

Experts believe a 12yr-old hacker once controlled the floodgates of a dam

Legend: experts around the world believe a 12yr-old hacker took control of the floodgates at the Roosevelt Dam in 1998, which threatened a large populated area in Arizona. Reality: in 1994, a 27yr-old hacker dialed into a server that monitored the water levels of canals in the Phoenix area. Investigators concluded it posed no threat to safety. Reason experts are duped: the story has been retold over the years by people who simply don't bother to check facts. In 2002, for example, the White House cyberspace security advisor declared "we've seen 14- and 15yr-olds hack their way into things like the control system for a dam in Arizona." In some cases, these experts will insist they can't provide specifics due to reasons of confidentiality. Fallout: experts are encouraged to retell anecdotes without checking the facts because few reporters will question a tall tale.

Legend: experts around the world believe the Melissa virus crashed 300 of the Fortune 500 firms in March 1999. Reality: only 10-25 Fortune firms crashed when Melissa swamped the world. Another 250+ lemmings disconnected from the Internet as a precaution. Reason experts are duped: clueless reporters constantly repeat the legend in virus stories. Fallout:Melissa hysteria started a trend of "precautionary disconnects" which continued throughout 1999, culminating in a worldwide lemming shutdown to avoid non-existent Y2K viruses.

Legend: experts around the world believe the ILoveYou virus in May 2000 caused $2.7 billion, $4.7 billion, $6.7 billion, or $8.7 billion in damages. Reality: Computer Economics, Inc. concocted the first three estimates as a publicity stunt during the peak of ILoveYou hysteria. They concocted the fourth estimate after the hysteria died down. Reason experts are duped: no statistically accepted metrics exist to gauge virus costs -- and no statistically valid data exists to gauge worldwide virus proliferation. Therefore, any cost estimate is as good as any other cost estimate. Fallout: the antivirus industry can cite yet another plausible-sounding estimate.

Legend: experts around the world believe viruses caused a total of $12.1 billion in damages worldwide in 1999, and caused a total of $17.1 billion in damages in 2000. Reality: Computer Economics, Inc. declared these estimates in press releases as a publicity stunt. Reason experts are duped: no statistically accepted metrics exist to gauge virus costs -- and no statistically valid data exists to gauge worldwide virus proliferation. Therefore, any cost estimate is as good as any other cost estimate. Fallout: the antivirus industry can cite yet another plausible-sounding estimate.

Experts believe the Chernobyl virus physically destroyed up to a million PCs in 1999

Legend: experts around the world believe the Chernobyl virus physically destroyed up to a million PCs in Asia on 26 April 1999. Reality: the media quoted Asian computer consultants and high-ranking ministry officials who speculated wildly about the number of damaged PCs. Reason experts are duped: few non-Asian reporters & virus experts have reliable Asian sources, so everybody took the initial media reports at face value. Also, no one bothered to conduct a reliable follow-up estimate after the hysteria subsided. Fallout: the media will accept at face value any high-ranking public official who makes up estimates and flavors them with tear-jerking anecdotes.

Experts believe the Morris Internet worm caused $98 million in damages in 1988

Legend: experts around the world claim the Morris Internet worm of 1988 cost $98 million to clean up. Reality: antivirus vendor John McAfee concocted giant damage estimates as a publicity stunt. Reason experts are duped: reporters couldn't resist McAfee's publicity stunts. They repeated his estimate so often (without attribution) that it entered the public consciousness before most of today's experts got into the business. Fallout: it paved the way for 'big lies' and 'plausible estimates' in the virus world. If you say something loud enough & long enough, it becomes the truth. Vmyths editor Rob Rosenberger first tackled this legend in 1989.